[CDRIVER-4454] Automatic Azure KMS Credentials #1097
Conversation
| bson_set_error ( | ||
| error, | ||
| MONGOC_ERROR_PROTOCOL_ERROR, | ||
| 64, |
There was a problem hiding this comment.
Using 64 is arbitrary. The error domain/code system is getting pretty messy. What should be done to make this more useful?
There was a problem hiding this comment.
I think the error codes in each domain can have a different meaning. Two domains can have the same error code.
Consider adding an error code to mongoc_error_code_t, like MONGOC_ERROR_PROTOCOL_HTTP to signal an error in an HTTP response.
| #define TEST_INSTALL(FuncName) \ | ||
| if (1) { \ | ||
| extern void FuncName (TestSuite *suite); \ | ||
| FuncName (&suite); \ | ||
| } else \ | ||
| ((void) 0) |
There was a problem hiding this comment.
This is just a drive-by change to reduce some tedium in adding tests. Can be reverted/moved.
This allows easier code review, informal verification, and testing
|
The HTTP retry-with-backoff logic has been moved to a separate function that doesn't concern itself with the request content. This allows easier informal verification of both the retry logic as well as code that invokes that that function. |
| #define TEST_INSTALL(FuncName) \ | ||
| if (1) { \ | ||
| extern void FuncName (TestSuite *suite); \ | ||
| FuncName (&suite); \ | ||
| } else \ | ||
| ((void) 0) |
|
The three added commits can be viewed in isolation in commit order to build off of each other. |
src/libmongoc/src/mongoc/mcd-azure.c
Outdated
| @@ -71,8 +71,12 @@ mcd_azure_access_token_try_init_from_json_str (mcd_azure_access_token *out, | |||
| // token_type | |||
| found = bson_iter_init_find (&iter, &bson, "token_type"); | |||
| const char *const token_type = !found ? NULL : bson_iter_utf8 (&iter, NULL); | |||
| // expires_on | |||
| */ | ||
| static bool | ||
| _try_add_azure_from_env (bson_t *out, bson_error_t *error) | ||
| _request_new_azure_mid_token (mcd_azure_access_token *out, bson_error_t *error) |
There was a problem hiding this comment.
What does "mid" refer to?
There was a problem hiding this comment.
"managed identity" in this case. I can change that if it is unclear.
There was a problem hiding this comment.
Since this is the only reference to "mid", I suggest renaming to _request_new_azure_access_token or defining "mid" in a comment.
| // The token is still valid for another minute | ||
| } else { | ||
| // The token is about to expire. Destroy it. We will then ask IMDS for | ||
| // a new oen. |
vector-of-bool
force-pushed
the
CDRIVER-4454-azure-auto-kms
branch
from
820555c to
fc2d5b5
Compare
|
|
||
| #define RAW_STRING(...) #__VA_ARGS__ | ||
|
|
||
| void |
There was a problem hiding this comment.
| void | |
| static void |
| mcd_azure_access_token_destroy (&token); | ||
| } | ||
|
|
||
| void |
There was a problem hiding this comment.
| void | |
| static void |
| #ifdef __cplusplus | ||
| extern "C" { | ||
| #endif |
There was a problem hiding this comment.
This does not seem particularly necessary. Remove?
There was a problem hiding this comment.
Practically unecessary because everything is static and therefore bounded to the TU. This just becomes a habit when creating C headers.
Refer: CDRIVER-4454
This implements automatic KMS credentials for Azure, in the same manner as are available for AWS.
To optimize for test-ability in the absence of an Azure environment, the following changes are made: